(57) Abstract:

PROBLEM TO BE SOLVED: To provide an IP-VPN service, that is, a method for providing a VPN service
at low cost by reusing already existing technology, in which the communication of VPN users is
logically or physically multiplexed between the edge routers of a communication agent network.

SOLUTION: Edge routers 150-A and 150-B arranged in a communication agent network each store
received route information in the route table of the corresponding VPN, and notify the other edge
router of the route information by a route information notifying means that is independent for
each VPN. The other edge router device, on receiving the route information, selects the
corresponding VPN and stores the route information in the route table of the selected VPN. Thus, it
is not necessary to extend the BGP protocol. Therefore, a communication agent can utilize already
existing routers and easily construct the VPN service.

* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original precisely.
2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.

CLAIMS



[Claim(s)] 

[Claim 1]As opposed to two or more VPN user networks connected to at least one physical network, It is a 
channel information notifying method of VPN (Virtual Private Network) service which provides a virtual 
permanent communication way for every user, An edge router device which exists in a physical network 
network and is arranged at a contacting part with two or more above-mentioned VPN user networks, A 
channel information notifying method notifying channel information received from two or more 
above-mentioned VPN user networks to other edge router devices by a channel information reporting 
means which was able to be independently established for every VPN. 

[Claim 2]In order that an edge router device besides the above may make selectable a VPN user 
corresponding to received channel information in claim 1, By using a transmission source address which is 
different when holding a conversion table of an IP address a transmitting agency edge router device's, and a 
VPN user's identifier and notifying channel information of different VPN, A channel information notifying 
method, wherein an edge router device besides the above chooses VPN corresponding to received channel 
information using the above-mentioned conversion table. 

[Claim 3]In order that an edge router device besides the above may make selectable VPN corresponding to 
received channel information in claim 1, In setting-operation of a connection for the notice of a course on 
which the above-mentioned edge router device is performed in advance of a notice of channel information, 
A channel information notifying method, wherein recognition of VPN corresponding to channel information 
received henceforth of an edge router device besides the above is attained by including an identifier of VPN 
in a connection setting request message. 

[Claim 4]As opposed to two or more VPN user networks connected to at least one physical network, It is a 
VPN service which provides a virtual permanent communication way for every user, A VPN service, wherein 
a channel information reporting means which exists in a physical network network and is arranged at a 
contacting part with two or more above-mentioned VPN user networks and which has two or more edge 
router devices, and became independent to two or more above-mentioned VPN user networks between the 
above-mentioned plurality edge router devices is established. 

[Claim 5]As opposed to two or more VPN user networks connected to at least one physical network, It is an 
edge router device used for VPN (Virtual Private Network) service which provides a virtual permanent 
communication way for every user, The edge router device exists in a physical network network, and is 
arranged at a contacting part with two or more above-mentioned VPN user networks, An edge router device, 
wherein said the edge router device can notify channel information received from two or more 
above-mentioned VPN user networks to other edge router devices via a channel information reporting 
means which was able to be independently established for every VPN user. 

[Claim 6]As opposed to two or more VPN user networks connected to at least one physical network, It is a 
channel information notifying method of VPN (Virtual Private Network) service which provides a virtual 
permanent communication way for every user, An edge router device which exists in a physical network 
network and is arranged at a contacting part with two or more above-mentioned VPN user networks, Have
the route table which became independent for every VPN, and the above-mentioned edge router device
stores in a corresponding route table of VPN channel information received from two or more 
above-mentioned VPN user networks, and. A channel information notifying method notifying the 
above-mentioned channel information to other edge router devices by a channel information reporting 
means independently established for every VPN. 

[Claim 7]A network system which has a network which connects two or more user networks characterized 
by comprising the following, and a user network of this plurality mutually. 

A virtual permanent communication way for transmitting and receiving information among two or more 
above-mentioned user networks is set as the above-mentioned network, It is a method for notifying channel 
information for building VPN containing a user network of this plurality among two or more router devices 
which connect each of a user network of this plurality to this network, A step which sets up a channel 
corresponding to VPN by which the above-mentioned construction of [ for notifying the above-mentioned 
channel information among two or more above-mentioned router devices ] is carried out. 
A step which notifies channel information of a user network contained in VPN corresponding to this channel 
via the above-mentioned channel. 

[Claim 8]A channel information notifying method which is the channel information notifying method 
according to claim 7, and is characterized by a step which sets up said channel having a step which requires 
setting out of said channel using identification information of said VPN built. 

[Claim 9]A channel information notifying method, wherein it is the channel information notifying method 
according to claim 8 and said identification information is an IP address corresponding to said VPN built.

[Claim 10]A router device characterized by comprising the following for connecting two or more user
networks mutually, and connecting a user network to a network which builds VPN which sets up a virtual 
permanent communication way for transmission and reception of information between user networks of this 
plurality, and contains a user network of this plurality. 

The first means of communication for communicating with a user network. 

The second means of communication for communicating with other router devices linked to the 
above-mentioned network. 

A user network which communicates via the first means of communication of the above. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]In the network system which is serving the virtual private network, this invention
relates to the art for exchanging the course of a user network between edge routers.

[0002] 

[Description of the Prior Art]With the rapid progress of network technology, companies increasingly
want to connect the computers within a company building and use applications such as WWW (World Wide
Web) and mail across them. This was widely realized by the spread of LAN (Local Area Network), which
connects the computers in a building to one another. Users' demand then shifted to connecting the
geographically distributed branch offices, each of which maintains its own LAN. As a technology for
realizing this, the virtual private network (VPN) attracts attention: a network provider supplies a
network that connects a company's users at different locations, and the user side can use that
network as if it were private. As a method of building a VPN among user hosts that are remote from
one another, the VPN customers' communication can be multiplexed logically or physically between the
edge routers placed at the edge part of the communication enterprise network, i.e., the peripheral
part that is the point of contact with the customer networks. To a VPN customer, the sites thereby
appear to be connected by a dedicated line. Since in this method both the customer network and the
communication enterprise network can use Internet protocol addresses, a VPN service of this method
is referred to below as an IP-VPN service.

[0003]A technique for realizing IP-VPN is described in RFC2547, a standard document specified by the
IETF (Internet Engineering Task Force), the standardization organization for Internet technology.
According to RFC2547, building an IP-VPN service requires the following processing in the edge
routers of a communication enterprise. First, an edge router holds and manages a route table
separated for every VPN site. The courses in the route tables are then exchanged between edge
routers using BGP, a routing protocol. When an edge router notifies a course to another edge router,
it must specify in which route table of the destination edge router the course is to be written, and
so the following extension has been implemented in the edge router. In addition to the prefix of the
course, which represents a set of IP addresses belonging to a certain group as the pair of an IP
address and a subnet mask (the length from the starting point of the IP address to a terminal
point), an identifier specifying the route table in which the course is to be written is added to
the course message notified by BGP, and the edge router receiving the course writes it into the
per-VPN-site route table that it manages according to that identifier. This is shown concretely in
drawing 18. That is, a single BGP peer (course exchange reporting means 190-A between two routers on
which the BGP protocol is implemented) is set up between the edge routers 150, and because it is
shared by two or more VPN user networks 100-A, 100-B, 110-A, and 110-B, the VPN identifier used by
the data communication line must be added to the course notification message. In drawing 18, one
tunnel (data communication line) 195 is also formed between the edge routers 150 for data packet
transmission. The BGP peer and the tunnel function independently of each other.
[0004] 

[Problem(s) to be Solved by the Invention]There are the following two problems in the conventional 
technology at the time of offering IP-VPN service. 

[0005]The first problem is that the BGP protocol must be extended in order to add the identifier of
a route table to the course notification message of BGP. For this reason, interconnection with
routers designed for the existing BGP protocol becomes impossible. The second problem is that the
existing filtering functions cannot be reused when course filtering functions, such as specifying
the incorporation point (selecting the route table in which a course is reflected), are applied to
each item of channel information that the edge router has received. In the existing BGP protocol,
which has no concept of VPN, the following three course filtering functions exist. The first
operates per BGP peer used for course transmission and reception: it is a filter that chooses
whether a course that arrived via the peer (channel) is stored or discarded. The second operates per
prefix, i.e., per pair of an IP address and a subnet mask, and chooses whether a course is stored or
discarded. The third combines the two filters above: it operates on the pair of the BGP peer used
for course transmission and an IP address, and chooses whether a course is stored or discarded.

[0006] However, since these functions cannot filter on the VPN identifier added to the course
notification message, the existing filters cannot be used to separate route tables for every VPN site.
[0007]When a VPN service is to be provided, these problems mean that a software update or device
replacement is needed for all the edge routers in the virtual private network, which raises the
introduction cost remarkably.
[0008] 

[Means for Solving the Problem]In this invention, an edge router is installed within the network of
a communication enterprise and is connected by a circuit to a router of a VPN customer network. The
edge router of the communication enterprise receives the courses of the VPN site at which it is
installed from the router of the VPN customer network.

[0009]The edge router of the communication enterprise notifies a received course to the other edge
routers of the communication enterprise using a routing protocol. Another edge router that receives
the course recognizes the VPN corresponding to the course by the method shown below, writes the
course in the route table corresponding to the recognized VPN, and notifies the course to the router
of the connected user network.
[0010]The courses of the user networks are exchanged in this way.

[0011]The following shows how an edge router of a communication enterprise identifies the VPN when it
receives a VPN customer's course. In this invention, a VPN identifier is not included in the course
notification message, called an UPDATE message (comprising course deletions/additions, path
attributes, and IP addresses), which is the packet carrying channel information. Instead, the VPN is
identified using the connection request message that is required to set up the BGP peer over which
course notification messages are transmitted and received between edge routers.

[0012]There are the following two methods of identifying the VPN by a connection request message.
[0013]In the first method, when an edge router receives a connection request message, it identifies
the VPN by the connection partner's IP address included in the message. By referring to a conversion
table between connection partners' IP addresses and VPN identifiers, registered beforehand by the
administrator of the edge router, the connection request message is matched with a VPN identifier.
In the second method, an edge router adds a VPN identifier to the connection request message when
transmitting it, and the edge router on the receiving side discriminates the VPN from the connection
request message. A connection request message is also called an OPEN message and comprises a BGP
header (containing the BGP-ID, which is the address of the notifying router) and an IP header
(containing the IP addresses of the transmission source and the transmission destination). With this
method, the edge router that received the connection request can immediately compare the VPN
identifier in the request message with the VPN identifiers in its own configuration definition.

[0014]Once the VPN has been discriminated from the connection request message, the edge router sets
up a BGP peer for transmitting and receiving course notification messages for that VPN.

[0015]Therefore, for every BGP peer, the edge router can identify which VPN a course notification
message transmitted or received via that BGP peer corresponds to.

[0016]In this way a VPN customer's courses can be exchanged between edge routers without extending
the course notification message. As for the course filter, since this method prepares a BGP peer per
VPN user, the existing per-BGP-peer filter can be reused as it is as a per-VPN-user filter. This
invention further provides a VPN service for two or more VPN users, which provides a virtual
permanent communication way for every user to specific users connected to one physical network,
wherein a plurality of edge router devices exist in the physical network and are arranged at the
contacting parts with the user networks, each edge router device has a route table for each VPN
user, and at least two or more channel information reporting means, independent for the two or more
VPN users, are established between the edge router devices. This invention further provides an edge
router device used for a VPN service which provides a virtual permanent communication way for every
user to specific users connected to one physical network, wherein the edge router device exists in
the physical network and is arranged at a contacting part with two or more user networks, each edge
router device has a route table for each VPN user, and a channel information reporting means
independent for every VPN user can be established among two or more edge router devices.

[0017]A network system which furthermore has a network which connects mutually two or more user
networks which are characterized by that that this invention provides a channel information notifying 
method comprises the following, and a user network of this plurality. 

A virtual permanent communication way for transmitting and receiving information among two or more 
above-mentioned user networks is set as the above-mentioned network, It is a method for notifying channel 
information for building VPN containing a user network of this plurality among two or more router devices 
which connect each of a user network of this plurality to this network, A step which sets up a channel 
corresponding to VPN by which the above-mentioned construction of [ for notifying the above-mentioned 
channel information among two or more above-mentioned router devices ] is carried out. 
A step which notifies channel information of a user network contained in VPN corresponding to this channel 
via the above-mentioned channel. 

[0018]In the above-mentioned channel information notifying method, a step which sets up said channel has 
a step which requires setting out of said channel using identification information of said VPN built. 
[0019]In the above-mentioned channel information notifying method, said identification information is 
characterized by being an IP address corresponding to said VPN built. 

[0020]Furthermore, this invention connects two or more user networks mutually, and a virtual permanent 
communication way for transmission and reception of information between user networks of this plurality is 
set up, The first means of communication for being a router device for connecting a user network to a 
network which builds VPN containing a user network of this plurality, and communicating with a user 
network, In order to build VPN containing a user network which communicates via the second means of 
communication and first means of communication of the above for communicating with other router devices 
linked to the above-mentioned network, It has a channel management tool which manages a channel for 
transmitting and receiving channel information of a user network contained in this VPN among other router 
devices which communicate via the second means of communication of the above, Match the
above-mentioned channel management tool with VPN built, manage the above-mentioned channel, and the
second means of communication of the above, When transmitting or receiving channel information for 
building VPN, the above-mentioned channel management tool is providing a router device using a channel 
which was matched with VPN this built and has been managed. 
[0021] 

[Embodiment of the Invention]Hereafter, this invention is explained using a drawing. 

[0022] Drawing 1 shows the system configuration of VPN. This system comprises the communication
enterprise network 120 and user networks 100-A, 100-B, 110-A, and 110-B. 100-A and 110-A are the
networks of one user, and 100-B and 110-B are the networks of another user. 100-A can communicate
normally with 110-A over the communication enterprise network. Communication from 100-A to 100-B or
110-B is cut off because the users differ. When user networks differ, their address spaces also
differ. For example, an IP address in use in one user network can also be used in other user
networks.

[0023]The route tables 160 and 170 in the edge routers 150 are managed for every VPN. Route table
160-A in edge router 150-A receives the courses in the corresponding user network 100-A from router
130-A of the user network and stores them. The courses notified from route table 170-A in the other
edge router 150-B, which belongs to the same VPN, are also written in. As preparation for exchanging
VPN courses between the edge routers 150, a course exchange reporting means independent for every
VPN must be set up. A peer of the BGP protocol is one example of a course exchange reporting means.
In practice, it is a TCP (Transmission Control Protocol) connection, over which communication is
guaranteed on the IP network, and courses are exchanged using that TCP connection. The following
explanation uses the term BGP peer for the course exchange reporting means.

[0024]BGP peers 190-A and 190-B are prepared for every VPN. Information which identifies the VPN is
not included in the route notifying packets which flow on a BGP peer. The edge router which received
channel information specifies the VPN of the notified course by referring to the BGP peer management
table 346 (explained in detail with drawing 5), which is a conversion table between BGP peers and
VPN identifiers.
[0025]A channel is set up between the edge routers 150, and communication between VPN sites is
performed by passing the data packets of the VPN through that channel. The core router 180 does not
hold the route tables of the VPNs, but relays the data packets of the VPNs using the set-up channel.
[0026] Drawing 2 shows the hardware configuration of the edge router 150.

[0027]CPU (Central Processing Unit) 200 is a processor for executing the programs stored in the
memory 210. The memory 210 stores the operating system 213 for controlling the whole device and the
control program 215 for performing operation as a router device.

[0028]The user network side network controller 220 controls the transmission and reception that the
edge router 150 performs with the routers of a user network. The communication enterprise network
side network controller 225 controls the transmission and reception that the edge router 150
performs with partner edge routers 150. The keyboard controller 230 controls keystrokes from the
keyboard 235. The serial controller 240 controls input/output devices, such as the mouse 245,
connected to the serial port. The display controller 250 controls screen display on the display
monitor 255. The disk controller 260 controls the input and output to the disk unit 265.

[0029]Although this example assumes that a network administrator operates the edge router 150 from
the keyboard 235, the mouse 245, and the display monitor 255 directly connected to the device, it is
of course also possible to operate it using input/output devices at a remote place connected to the
edge router 150 via the network.
[0030] Drawing 3 shows the software configuration of the edge router 150. 
[0031]I/O control unit 310 controls the input from a keyboard, and the output to a display. 
[0032]The user network side network interface part 380 performs processing for transmission and
reception with the routers on the user network side, such as passing packets received from a router
on the user network side to the user network side communications department 360, or transmitting
packets to the network at the request of the user network side communications department 360.
[0033]The communication enterprise network side network interface part 390 performs processing for
transmission and reception with the edge routers 150 on the communication enterprise network side,
such as passing packets received from another edge router 150 on the communication enterprise
network side to the communication enterprise network side communications department 370, or
transmitting packets to the network at the request of the communication enterprise network side
communications department 370.

[0034]The user network side communications department 360 interprets the header of a packet received
from the user network side network interface part 380 and, according to the result, passes it to the
appropriate processing module, either the routing protocol packet analyzing parts 340 or the data
relay part 350. It also adds the appropriate header to packets passed from these processing modules
and passes them to the user network side network interface part 380. It thus performs interpretation
of packet headers according to the internal protocol and distribution of packets to each module.
Here, this user network side communications department 360 serves as the first means of
communication for communicating with a user network.

[0035]The communication enterprise network side communications department 370 interprets the header
of a packet received from the communication enterprise network side network interface part 390 and,
according to the result, passes it to the appropriate processing module, either the routing protocol
packet analyzing parts 340 or the data relay part 350. It also adds the appropriate header to
packets passed from these processing modules and passes them to the communication enterprise network
side network interface part 390. It thus performs interpretation of packet headers according to the
internal protocol and distribution of packets to each module. Here, this communication enterprise
network side communications department 370 serves as the second means of communication for
communicating with other edge router devices linked to the network.

[0036]The data relay part 350 relays the data of the user network side communications department 360, the 
communication enterprise network side communications department 370, and the routing protocol packet 
analyzing parts 340, and determines to which functional block it transmits with reference to the header of a 
packet. Furthermore, in the case of data transfer, the interface to send out is determined with reference to 
the route table 160 or 170. 

[0037]After analyzing a packet of the routing protocol, the routing protocol packet analyzing parts
340 pass the channel information to the course filter Management Department 330 in order to add or
delete a course. If a connection request packet of BGP is normal, they request connection from the
BGP peer Management Department 344 in order to register it.

[0038]The BGP peer Management Department 344 holds the connection when a BGP connection is
successful. Here, in order to build a VPN containing the user network which communicates via the
first means of communication, this BGP peer Management Department 344 serves as the channel
management tool which manages the channels for transmitting and receiving the channel information of
the user network contained in this VPN with the other edge router devices which communicate via the
second means of communication. An initial entry is written in the BGP peer management table 346.

[0039]When the routing protocol packet analyzing parts 340 request the addition or deletion of a
course, the course filter Management Department 330 decides whether to permit it by referring to the
course filter table 335, which restricts the addition of courses.

[0040]The route table Management Department 320 writes the courses permitted by the course filter in
the route table 160 or 170 managed for every VPN. Since each route table corresponds to a VPN, it
refers to the BGP peer management table 346 to determine the VPN in whose table a course is written.
The route table Management Department 320 also searches the route table 160 or 170 for data packet
transmission.
[0041] Drawing 4 shows the form of the route table 160 or 170 which the edge router 150 uses. This
route table is held within the router separately for every VPN.

[0042]The channel information of each VPN is stored in the route table 160 or 170 in table format.
Each item of channel information contains the IP address 410 of the course; the subnet mask 420,
which specifies the length of the network ID within an IP address made up of a network ID and a host
ID; NextHop 430; the interface identifier 440; IP address 450 of the router that transmitted the
course; and the attribute 460 of the course.

[0043]IP address 410 of a course, the subnet mask 420, and NextHop 430 are notified from other
routers. NextHop 430 indicates the address of the next router to which the edge router 150 transmits
a data packet in order to reach the source router which notified the course. The interface
identifier 440 is an identifier for specifying the interface on the edge router 150 side that is
connected to NextHop 430.
[0044]IP address 450 of the router that transmitted the course identifies the BGP peer from which
the course was transmitted. It is used by the course filter. For example, when the administrator has
configured the router not to write any course that came from a certain BGP peer in the route table
160 or 170, IP address 450 is referred to in order to determine by which BGP peer the course was
notified.

[0045]The attribute 460 of the course is prescribed by the BGP protocol. For example, when the same
course is notified by two or more BGP peers, it specifies the cost used to decide which course to adopt.
[0046] Drawing 5 shows the form of the BGP peer management table 346 which an edge router uses.
[0047]The BGP peer management table 346 of drawing 5 contains the BGP peer identifier 510, the
connection partner's IP address 520, and VPN-ID 530. The BGP peer identifier 510 is a number which
identifies a BGP peer held within this device. When a BGP connection request is received, the
connection partner's IP address 520 and VPN-ID 530 are used to specify the VPN of the connection.
[0048]A connection request is the processing by which an edge router asks another edge router to set
up a BGP peer so that the two can exchange courses; the edge router notifies the other edge router
of information about itself in order to obtain permission for course exchange. The router receiving
the connection request chooses either to accept or to refuse the connection and returns the reply to
the requesting router. A router whose connection request was accepted can set up a BGP peer and
notify courses over it according to the BGP protocol. Between two BGP routers with a BGP peer set
up, channel information is exchanged automatically.
[0049] Drawing 6 is a sequence which shows exchange of the VPN course between the edge routers 150 
after VPN course registration of the edge router 150, and registration. The administrator of the edge router 
A performs setting out which connects the BGP peer for course exchange with the router of a user network 
first (sequence 610-A). The same of the setting out may be said of the case of the edge router B (sequence 
610-B), and the setting order of the edge router A and the edge router B is not asked. 

[0050] Edge router A, having received the BGP peer configuration from the administrator, sends a connection
request for the route-exchange peer to router A of the user network (sequence 620-A). Router A of the user
network returns ACK when it accepts the connection request, and returns NOTIFY, an error notification, when
it refuses (sequence 630-A). Edge router A then transmits a connection request message to edge router B, the
other edge router of the communication enterprise network, in order to connect the BGP peer for route
exchange (sequence 640). Edge router B, having received the connection request message, returns ACK when it
accepts the request and returns NOTIFY otherwise (sequence 650). After BGP peers have been connected on both
the user network side and the communication enterprise network side as above, a route is notified to edge
router A from router A of the user network. Edge router A writes the notified route into the route table
held in the router for each VPN user, and also notifies the route to edge router B in the communication
enterprise network (sequence 660-A). Edge router B similarly notifies VPN routes to edge router A
(sequence 660-B).

[0051] Drawing 7 is a sequence which shows VPN deletion at edge router A. It shows the case where a certain
user network is deleted at edge router A.

[0052] The administrator of edge router A configures edge router A to delete the BGP peer previously
established with user network A (sequence 710). Edge router A, having received the BGP peer deletion
command, sends a BGP peer deletion request to router A of the user network (sequence 720). Router A of the
user network checks whether the deletion request can be processed normally, and then either permits the
deletion or returns an error (sequence 730). Because router A of the user network and edge router A hold the
routes notified from edge router B per BGP peer, deleting the BGP peer established with edge router A
deletes all routes notified over that BGP peer from the route table in router A of the user network.

[0053] Edge router A, having received the deletion response from router A of the user network, sends a BGP
peer deletion request to edge router B (sequence 740). Edge router B, having received the peer deletion
request, deletes the requested peer from the BGP peer management table in the router and returns ACK
(sequence 750). The routes notified to edge router B from edge router A before the BGP peer's deletion are
deleted from the per-VPN route table at the time the peer is deleted.

[0054] Drawing 8 is a sequence which shows VPN deletion at both edge router A and edge router B.
[0055] The administrator of edge router A configures edge router A to delete the BGP peer previously
established with user network A (sequence 810-A). The administrator of edge router B likewise configures
edge router B to delete the BGP peer previously established with user network B (sequence 810-B).

[0056] Edge router A, having received the BGP peer deletion command, sends a BGP peer deletion request to
router A of the user network (sequence 820-A). Edge router B, having likewise received the BGP peer deletion
command, sends a BGP peer deletion request to router B of the user network (sequence 820-B). Router A of the
user network checks whether the deletion request can be processed normally, and then either permits the
deletion or returns an error (sequence 830-A). Router B of the user network likewise checks whether the
deletion request can be processed normally, and then either permits the deletion or returns an error
(sequence 830-B).
[0057] After the BGP peer deletion on the side of user network routers A and B is completed, edge routers
A and B perform BGP peer deletion between the edge routers (sequences 840 and 850).
[0058] Drawing 9 is a sequence of the data communications between user networks. As preparation for data
communications, edge routers A and B must have finished exchanging the routes of the user networks. The
sequence shows a data packet being sent from router A of a user network to router B of a user network.

[0059] Router A of the user network transmits a data packet to edge router A (sequence 910). Edge router A
receives the data packet and, referring to the route table corresponding to the VPN of the data packet,
transmits it to edge router B (sequence 920). Edge router B receives the data packet and, referring to the
route table corresponding to the VPN of the data packet, transmits it to router B of the user network
(sequence 930).

[0060] Drawing 10 is the flow by which the edge router 150 requests a BGP peer connection with the router of
a user network. When the network administrator inputs a connection request (Step 1005), the edge router 150
transmits a connection request message of the BGP protocol to the router of the user network that has the
specified IP address (Step 1010). The edge router 150 then waits for the connection ACK from the router of
the user network. When the router of the user network refuses the connection request of the edge router 150
because of an error or the like, it returns NOTIFY, an error message, to the edge router 150 (Step 1020).
If NOTIFY is received instead of ACK, an error is output to a display monitor (Step 1025). If ACK, which
shows that the BGP peer was connected normally, is received from the connection partner (Step 1030), the
information on the successfully connected BGP peer is added to the BGP peer management table 346 (Step 1040).
Drawing 11 is the flow by which the edge router 150 receives a BGP peer connection request from the router
of a user network.

[0061] Before a connection request message is received, the IP address of the partner router from which
connection is permitted is input to the edge router 150 (Step 1105). Either a setting which enumerates IP
addresses one at a time or a setting which permits all IP addresses on the connection-request side is made.
A connection request message is then received from a connection partner router (Step 1110). The receiving
edge router 150 checks the connection request message. If an abnormality is found in the connection request
message packet (Step 1120), or if the request message arrives from a connection partner whose IP address has
not been set as a partner permitted to connect (Step 1130), the connection is not established; NOTIFY, an
error message, is transmitted to the requesting router (Step 1125), and an error is output to a display
monitor (Step 1135).

[0062] When the connection is permitted, ACK is returned to the connection partner (Step 1140) and the
receiving edge router 150 registers the new BGP peer in the BGP peer management table 346 in the router.
Drawing 12 shows the flow of connection-request processing at the edge router 150 when a BGP peer
connection is made between edge routers 150.

[0063] The flow assumes the method in which the VPN-ID is explicitly added to the connection request message
as the way of identifying the BGP peer's VPN. A network administrator sets the IP address of the BGP peer
connection destination and the VPN-ID, as a pair, in the edge router 150 (Step 1205). The edge router 150,
having received the setting from the administrator, transmits a connection request message carrying the
VPN-ID to the connection partner's edge router 150 (Step 1210). It then waits for the connection ACK. When
the connection partner's edge router 150 refuses the connection, NOTIFY, which shows an error and its cause,
is returned to the edge router 150 on the connection-request side (Step 1220). The edge router 150 that
received NOTIFY outputs an error to a display monitor in order to notify the administrator (Step 1225).
When the BGP peer connection is permitted normally by the connection partner's edge router 150, the edge
router that transmitted the connection request receives ACK (Step 1230). The edge router 150 that received
ACK adds the newly connected BGP peer to the management table 346 (Step 1240).
[0064] Drawing 13 shows the flow of connection-receiver processing at the edge router 150 when a BGP peer
connection is made between edge routers 150. The flow assumes the method in which the VPN-ID is explicitly
added to the connection request message as the way of identifying the BGP peer's VPN. A network
administrator registers the IP address of the partner permitted to connect before a connection request
message is received from another edge router 150 (Step 1305). A connection request message is then received
(Step 1310), and the received connection request message is checked. The connection is refused if an
abnormality is found in the connection request message packet (Step 1320), if the sender does not match the
IP address of a partner permitted to connect (Step 1330), or if the value of the VPN-ID contained in the
connection request message is abnormal (Step 1340), among other cases. NOTIFY is transmitted to notify the
requesting edge router 150 of the error (Step 1325), and an error is output to a display monitor to notify
the router administrator (Step 1335). When the connection request is accepted, ACK is returned to the
connection-request side (Step 1350). To register the new connection, it is added to the BGP peer management
table 346 (Step 1360).

[0065] Drawing 14 shows the flow of connection-request processing at the edge router 150 when a BGP peer
connection is made between edge routers 150. The flow assumes the method in which, as the way of identifying
the BGP peer's VPN, the edge router 150 that received the connection request associates the connection
partner's IP address with a VPN-ID.

[0066] A network administrator sets the IP address of the BGP peer connection destination and the VPN-ID,
as a pair, in the edge router 150 (Step 1405). The edge router 150, having received the setting from the
administrator, transmits a connection request message to the connection partner's edge router 150 (Step
1410). It then waits for the connection ACK. When the connection partner's edge router 150 refuses the
connection, NOTIFY, which shows an error and its cause, is returned to the edge router 150 on the
connection-request side (Step 1420). The edge router 150 that received NOTIFY outputs an error to a display
monitor in order to notify the administrator (Step 1425). When the BGP peer connection is permitted normally
by the connection partner's edge router 150, the edge router 150 that transmitted the connection request
receives ACK (Step 1430). The edge router 150 that received ACK adds the newly connected BGP peer to the
management table 346 (Step 1440).

[0067] Drawing 15 shows the flow of connection-receiver processing at the edge router 150 when a BGP peer
connection is made between edge routers 150. The flow assumes the method in which, as the way of identifying
the BGP peer's VPN, the edge router 150 that received the connection request associates the connection
partner's IP address with a VPN-ID. A network administrator registers the IP address of the partner
permitted to connect, together with the corresponding VPN-ID, before a connection request message is
received from another edge router 150 (Step 1505). A connection request message is then received (Step
1510), and the received connection request message is checked. The connection is refused if an abnormality
is found in the connection request message packet (Step 1520) or if the sender does not match the IP address
of a partner permitted to connect (Step 1530). NOTIFY is transmitted to notify the requesting edge router of
the error (Step 1525), and an error is output to a display monitor to notify the network administrator
(Step 1535). When the connection request is accepted, the VPN-ID is identified from the connection partner's
IP address (Step 1540), and ACK is returned to the connection-request side (Step 1550). To register the new
connection, it is added to the BGP peer management table 346 (Step 1560).

[0068] Drawing 16 shows the flow on the deletion-request side for BGP peer deletion at the edge router 150.
A network administrator first inputs the IP address of the BGP peer to be deleted (Step 1605). Next, a
deletion request message is transmitted to the BGP peer partner's edge router 150 (Step 1610). The router
then waits for ACK from the edge router 150 of the partner whose connection is being deleted.

[0069] If deletion fails at the partner's edge router, a NOTIFY message, an error notification, is returned
(Step 1620). In that case, an error is output to a display monitor in order to notify the network
administrator (Step 1625). If the partner's edge router 150 deletes the BGP peer normally, ACK is returned
to report it (Step 1630). After receiving ACK, the edge router 150 deletes the entry of the deleted peer
from the BGP peer management table 346 (Step 1640).

[0070] Drawing 17 shows the flow on the deletion-request receiving side for BGP peer deletion at the edge
router 150. The edge router 150 receives a deletion request message (Step 1710). If an abnormality exists in
the connection request message (Step 1720), or if the BGP peer specified by the deletion message does not
exist in the BGP peer management table 346, NOTIFY, an error message, is transmitted and an error is output
to a display. When deletion is performed normally, ACK is returned to the partner edge router which
transmitted the deletion request (Step 1740), and the applicable BGP peer is deleted from the BGP peer
management table 346 (Step 1750). Although the examples above take a communication enterprise as the
administrator of the physical network who provides the VPN service, it is clear that the method can also be
applied to a corporate network.
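The receiver-side checks of Drawings 13, 15 and 17, modelled in Python as an added example (not code from the patent). The message dictionaries, the class and method names, and the reading of an "abnormal" VPN-ID as one for which the router holds no route table are assumptions; the addresses are constructed documentation values.

```python
from ipaddress import ip_address, ip_network

ACK, NOTIFY = "ACK", "NOTIFY"


class EdgeRouter:
    """Receiver-side model of an edge router 150 (all names are hypothetical)."""

    def __init__(self, vpn_ids):
        self.route_tables = {v: {} for v in vpn_ids}  # one route table per VPN
        self.permitted = {}  # partner IP -> bound VPN-ID, or None (ID arrives in message)
        self.peers = {}      # table 346: peer identifier -> (partner IP, VPN-ID)
        self.errors = []     # stands in for the display monitor
        self._next_id = 1

    def permit(self, ip, vpn_id=None):
        """Step 1305 (IP only) or Step 1505 (IP registered with its VPN-ID)."""
        self.permitted[ip_address(ip)] = vpn_id

    def _refuse(self, reason):
        self.errors.append(reason)   # error output, Steps 1335 / 1535
        return NOTIFY, reason        # error reply, Steps 1325 / 1525

    @staticmethod
    def _source(msg):
        try:
            return ip_address(msg["src"])
        except (KeyError, TypeError, ValueError):
            return None

    def _find(self, src, vpn_id):
        for peer_id, row in self.peers.items():
            if row == (src, vpn_id):
                return peer_id
        return None

    def handle_connect(self, msg):
        src = self._source(msg)
        if src is None:                                   # Steps 1320 / 1520
            return self._refuse("malformed request")
        if src not in self.permitted:                     # Steps 1330 / 1530
            return self._refuse("partner not permitted")
        bound, claimed = self.permitted[src], msg.get("vpn_id")
        if bound is not None and claimed not in (None, bound):
            # Added hardening, not a step in the drawings: a partner bound to
            # one VPN by the administrator may not claim a different one.
            return self._refuse("VPN-ID conflicts with configuration")
        vpn_id = bound if bound is not None else claimed  # Step 1540, or from message
        if not isinstance(vpn_id, int) or vpn_id not in self.route_tables:
            return self._refuse("abnormal VPN-ID")        # Step 1340 (assumed meaning)
        peer_id = self._find(src, vpn_id)
        if peer_id is None:
            peer_id, self._next_id = self._next_id, self._next_id + 1
            self.peers[peer_id] = (src, vpn_id)           # Steps 1360 / 1560
        return ACK, peer_id                               # Steps 1350 / 1550

    def receive_route(self, peer_id, prefix, next_hop):
        """Store a notified route in the table of the VPN bound to the peer."""
        if peer_id not in self.peers:
            self.errors.append("route from unknown peer dropped")
            return False
        src, vpn_id = self.peers[peer_id]
        # Keep the source router address (field 450) so the route can be purged.
        self.route_tables[vpn_id][ip_network(prefix)] = (ip_address(next_hop), src)
        return True

    def handle_delete(self, msg):
        src = self._source(msg)
        if src is None:                                   # Step 1720
            return self._refuse("malformed request")
        bound = self.permitted.get(src)
        vpn_id = bound if bound is not None else msg.get("vpn_id")
        peer_id = self._find(src, vpn_id)
        if peer_id is None:                               # peer not in table 346
            return self._refuse("no such BGP peer")
        del self.peers[peer_id]                           # Step 1750
        table = self.route_tables[vpn_id]
        for prefix in [p for p, (_, origin) in table.items() if origin == src]:
            del table[prefix]                             # routes removed with the peer, [0053]
        return ACK, peer_id                               # Step 1740
```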
[0071] 

[Effect of the Invention] By using the method described above, a communication enterprise can easily build
a VPN service using existing routers.

[0072] Therefore, the introduction cost when a communication enterprise sets out to provide a VPN service
becomes low and, since existing configuration knowledge can be reused, the operation management cost also
becomes low, so an inexpensive VPN service can be provided to users.
[Brief Description of the Drawings]

[Drawing 1] It is a block diagram of the network system in the VPN service of this invention.

[Drawing 2] It is a hardware configuration diagram of the edge router of this invention.

[Drawing 3] It is a software configuration diagram of the edge router of this invention.

[Drawing 4] It is a figure showing the route table which an edge router uses.

[Drawing 5] It is a figure showing the BGP peer management table which an edge router uses.

[Drawing 6] It is a figure showing the sequence diagram in the case of the VPN registration between edge
routers.

[Drawing 7] It is a sequence diagram in the case of VPN deletion at one of the two edge routers.

[Drawing 8] It is a sequence diagram in the case of VPN deletion at both edge routers.

[Drawing 9] It is a sequence diagram of the VPN communication between the routers of a user network.

[Drawing 10] It is a figure showing the flow of the BGP peer connection request on the user network side.

[Drawing 11] It is a figure showing the flow of the BGP peer connection reception on the user network side.

[Drawing 12] It is a figure showing the flow of the BGP peer connection request on the communication
enterprise side for the method which includes a VPN identifier in the request message.

[Drawing 13] It is a figure showing the flow of the BGP peer connection reception on the communication
enterprise side for the method which includes a VPN identifier in the request message.

[Drawing 14] It is a figure showing the flow of the BGP peer connection request on the communication
enterprise side for the method which identifies the VPN from the connection partner's address.

[Drawing 15] It is a figure showing the flow of the BGP peer connection reception on the communication
enterprise side for the method which identifies the VPN from the connection partner's address.

[Drawing 16] It is a figure showing the flow of the BGP peer deletion request on the communication
enterprise side.

[Drawing 17] It is a figure showing the flow of the BGP peer deletion reception on the communication
enterprise side.

[Drawing 18] It is a block diagram of the network system in the conventional VPN service.
[Description of Notations]

100-A, 100-B, 110-A, 110-B: user network; 120: communication enterprise network; 130-A, 130-B, 140-A,
140-B: router of a user network; 150-A, 150-B: edge router; 160-A, 160-B, 170-A, 170-B: route table;
180: core router; 190-A, 190-B: BGP peer; 195: tunnel; 200: CPU; 210: memory; 213: operating system;
215: control software; 220: user network side network controller; 225: communication enterprise network
side network controller; 230: keyboard controller; 235: keyboard; 240: serial controller; 245: mouse;
250: display controller; 255: display; 260: disk controller; 265: disk unit; 310: I/O control unit;
320: route table management department; 330: route filter management department; 335: route filter table;
340: routing protocol packet analyzing part; 344: BGP peer management department; 346: BGP peer
management table; 350: data relay part; 360: user network side communications department;
370: communication enterprise network side communications department; 380: user network side network
interface section; 390: communication enterprise network side network interface section; 410: IP address
of a route; 420: subnet mask of a route; 430: NextHop of a route; 440: I/F identifier; 450: IP address of
the route source router; 460: attribute of a route; 510: BGP peer identifier; 520: connection partner's
IP address; 530: VPN-ID.


